Lawsuit: Baby dies because of a ransomware attack on a hospital

Madison Tracy

The suit claims that a cyberattack resulted in a baby’s death due to medical staff being cut off from the equipment that monitors fetal heartbeats

The lawsuit states the plaintiff, Teiranni Kidd, is suing Springhill Memorial Hospital for the death of her baby nine months after delivering her during a cyberattack that disabled computers on every floor and cut off medical staff from the equipment that monitors fetal heartbeats in the 12 delivery rooms. The Wall Street Journal report claims that the hospital did not inform Kidd that the computers had been shut down by hackers, ultimately giving her baby diminished care.

Kidd’s daughter, Nicko Silar, was born with complications due to the umbilical cord being wrapped around her neck. She was diagnosed with severe brain damage and ultimately died nine months later. During the attack, Kidd argues fewer eyes were on the heart monitors. The Wall Street Journal reports that attending obstetrician Katelyn Parnell texted the nurse manager that she would have delivered the baby by cesarean section had she seen the monitor readout. “I need u to help me understand why I was not notified.” In another text, Dr. Parnell wrote: “This was preventable.”

This news comes in the wake of high cybercrime rates that have only accelerated since the pandemic. Healthcare facilities are at high risk for cyberattacks due to the life-or-death nature in which they exist. Springhill declined to name the hackers, but Allan Liska, a senior intelligence analyst at Recorded Future, said it was likely a Ryuk attack. The Wall Street Journal reported in June that Ryuk had hit 235 facilities, raking in more than $100 million since 2018. “The threat of a ransomware attack on healthcare organizations has never been more real, and the sophistication of bad actors and their attacks have grown tremendously over the last year,” said Thomas Lewis, Co-Founder of CyberMaxx.

“This is very sad news,” said CyberMaxx CEO Jason Riddle. “In our response to ransomware attacks, it’s not uncommon to see medical devices, like fetal heart monitors, disabled by the attacks. We’ve also been told by the victims that they had to turn away chemotherapy patients for treatment because those systems were disabled as a result.”

While the hospital denies any wrongdoing, the case will mark the first confirmed U.S. death related to a ransomware attack if proven in court.

Topics: cybersecurity, ransomware

Recent Insight